"Domain tasters" take advantage of a five-day domain name grace period to …

Share this story

Never ones to let a good deed go unpunished, scammers quickly learned to take advantage of a user-friendly policy that allowed a misregistered domain name—perhaps due to a typo—to be withdrawn at no cost. Scammers used this "Add Grace Period" to grab huge numbers of domains, throw up pages full of advertising, then withdraw the applications before the bill came due.

It was a practice known as "domain tasting," and it gave the Internet Corporation for Assigned Names and Numbers (ICANN) a bad case of indigestion. ICANN, which manages domain name assignments, ultimately responded by imposing penalties that would ensure any group that performed an excessive number of these premature withdrawals wound up with a substantial bill. In a report on the results of the new policy, released yesterday, ICANN announced that its actions have essentially eliminated the delicious art of domain tasting.

Money for nothing

Domain tasters managed to make money with the practice, which essentially cost them nothing, in several ways. By registering variants of some domain name in bulk, it would be possible to direct them all to a simple webpage that harvested revenue from advertising services (Google, for example, acted to block the practice around the same time ICANN did). These could be used to quickly grab users looking for something related to a current event, or to sample a wide range of typos for a popular site; any names with staying power could be kept, while the rest could be discarded after a few days at no cost.

An alternate approach was to track users as they searched for the availability of different domain names, then register anything they considered. If the user ultimately tried to register one, the domain taster could offer to part with the one they'd registered at an inflated price; if nothing happened in a few days, the name was returned.

None of this was very seemly, and it created an added burden for the domain management system. Ultimately, the practice attracted a class action lawsuit.

In 2008, ICANN decided to act. It allowed domain registrars to withdraw as many as 10 percent of their total registrations; they would face penalties for anything above that. Initially, ICANN adopted a budget that included a charge of $0.20 for each withdrawal above the limit, which was in effect from June 2008 to July of this year. Later, it adopted an official policy that raised the penalty to $6.75, the cost of a .org registration; that took effect in July 2009.

The results have been dramatic. Even under the low-cost budget provisions, domain withdrawals during the grace period dropped to 16 percent of what they had been prior to its adoption. Once the heavy penalties took hold, the withdrawal rate dropped to under half a percent. Essentially, as the report's title states, we've seen "the end of domain tasting."

One of the unfortunate aspects of networked computing is that the cost of antisocial behaviors is so small (especially if you have access to a botnet) that it's easy to profit from activities that make the Internet a less pleasant place. It's nice to see that ICANN has figured out how to make one of these behaviors unprofitable, but it will be difficult or impossible to apply this model to many other unpleasant scams... or spams.